Glossary of Terms - Secure USB

Glossary
Advanced Encryption Standard
Commonly known as AES, a widely used symmetric-key block cipher, adopted as a US government standard in FIPS 197 [1]. AES processes data in 128-bit blocks using keys of 128, 192 or 256 bits. It was the winner of a public competition held by NIST (the National Institute of Standards and Technology, an agency of the US Department of Commerce) to replace the outdated DES (Data Encryption Standard). The winning submission was named Rijndael (a play on the names of its designers, Vincent Rijmen and Joan Daemen), and the cipher is still often called Rijndael in the literature. AES is a subset of Rijndael, which also supports other block sizes and key lengths. AES treats a block of data as a 4x4 matrix of bytes; internally, the matrix being operated on is known as the state. The core of the algorithm is a sequence of transformations of the state driven by the cipher key. The particulars may be found in the NIST FIPS 197 document describing the specification. Each round consists of four operations (SubBytes, ShiftRows, MixColumns and AddRoundKey; the final round omits MixColumns), and the standard specifies a number of rounds for each key length. A larger key and a larger number of rounds both increase the work required of any attack with a brute-force element. In the table below, taken from FIPS 197, the key length Nk and block size Nb are counted in 32-bit words and Nr is the number of rounds:

             Nk (key words)   Nb (block words)   Nr (rounds)
    AES-128       4                 4                10
    AES-192       6                 4                12
    AES-256       8                 4                14
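The round structure just described, as an added example that is not part of the original glossary: a straight transcription of FIPS 197 AES-128 in pure Python. The S-box derivation, key schedule and the four round operations follow the standard; the one assumption is the key size, since the schedule below is written for Nk = 4 only. It is neither constant-time nor fast and must not be used to protect real data; it is checked against the FIPS 197 Appendix C.1 test vector.

```python
"""AES-128 (FIPS 197) in pure Python, written to show the round structure.
Study code only: table lookups and data-dependent branches leak timing,
so never use it on real data."""


def xtime(a):
    """Multiply by x in GF(2^8), reducing by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def gmul(a, b):
    """Multiplication in GF(2^8) by shift-and-add (used by MixColumns and the S-box)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def build_sbox():
    """S-box from its definition: multiplicative inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(i for i in range(1, 256) if gmul(x, i) == 1)
        s, rot = inv, inv
        for _ in range(4):                       # s = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            rot = ((rot << 1) | (rot >> 7)) & 0xFF
            s ^= rot
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
NR = 10                                          # rounds for Nk = 4 (AES-128)


def expand_key(key):
    """Key expansion: 4 key words in, 4*(NR+1) = 44 words out, grouped per round."""
    assert len(key) == 16, "this schedule is written for AES-128 only"
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 4 * (NR + 1)):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = t[1:] + t[:1]                    # RotWord
            t = [SBOX[b] for b in t]             # SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(NR + 1)]


# The state is 16 bytes in column-major order: byte index = 4*column + row,
# exactly the order in which FIPS 197 loads the input block.

def sub_bytes(s):
    return [SBOX[b] for b in s]


def shift_rows(s):
    """Row r is rotated left by r positions."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(s):
    """Each column is multiplied by the fixed polynomial {03}x^3+{01}x^2+{01}x+{02}."""
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3)
                       ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return out


def add_round_key(s, rk):
    return [b ^ k for b, k in zip(s, rk)]


def encrypt_block(key, block):
    """Initial AddRoundKey, NR-1 full rounds, then a final round without MixColumns."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for rnd in range(1, NR + 1):
        s = shift_rows(sub_bytes(s))
        if rnd != NR:
            s = mix_columns(s)
        s = add_round_key(s, rk[rnd])
    return bytes(s)


if __name__ == "__main__":
    # FIPS 197 Appendix C.1 test vector
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(key, pt).hex())          # 69c4e0d86a7b0430d8cdb78070b4c55a
```

The S-box is computed rather than pasted so that the two definitions in the standard (inverse in GF(2^8), then the affine transformation with constant 0x63) are visible; a production implementation would use precomputed tables and, for software, a bit-sliced or AES-NI path to avoid the timing leak.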

AES, implemented properly, is highly resilient against attack, and its design allows for very fast implementations in both hardware and software. Published attacks that beat brute force generally target reduced-round variants rather than the full cipher; the few results against full-round AES are academic, with work factors far beyond practical reach. No practical attack against full 14-round AES-256 has been reported. "Implemented properly" matters: careless implementations leak keys through side channels such as cache timing, and a correct cipher used in a weak block cipher mode is still insecure.

AES
See: Advanced Encryption Standard

AES Block Cipher Mode
A cipher specification like AES defines how to encrypt a single block. An encryption implementation also needs a block cipher mode to define how a message longer than one block is encrypted under a single key. Different modes have different strengths and weaknesses in terms of susceptibility to attack, performance and applicability to different types of data. Some of the popular

[1] FIPS 197: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf


modes include CBC, CFB, CTR, ECB, OCB, OFB and XTS. Of these, ECB, CBC, CFB, CTR, OFB, OCB and CCM have entries in this glossary; XTS is the mode standardized for disk and drive encryption in IEEE P1619. See also: IEEE P1619

Asymmetric Encryption
An encryption system in which encryption and decryption use different, although mathematically related, keys. No shared secret needs to be exchanged in advance. Public key encryption is an example of asymmetric encryption. See also: Symmetric Encryption, Public Key Cryptography

Authentication
The validation of the identity of a user, a device or any information object. The entity seeking authentication presents one or more authentication factors, the most common of which is a password. The use of multiple factors increases the confidence of the validation. For example, a user logging on to a bank over the Internet could be asked for a password and a one-time password, and the bank may check other signals such as the user's IP address and characteristics of their computer and software. In the authentication process, a factor such as a password is reduced to a key by means of a key derivation function, the heart of which is usually a cryptographic hash algorithm; the result is compared with the value stored for the user and a validation decision follows. Note that authentication is separate from authorization, which is the determination of whether an authenticated user, program or computer should have access to a particular resource. See also: Authentication Factors

Authentication Factors
A user requesting authentication is judged by the authenticating authority based on one or more factors. These factors tend to fit into one of three categories: something you know, something you have, or something you are. Systems which require factors from more than one category are stronger as a result. The famous example of the first category, something you know, is the password.
The problem with relying strictly on passwords is that they can come to be known by others through a variety of means: stolen off the computer by malware such as a keylogger, sniffed off the network if transmitted in the clear, or given to the attacker by a user tricked by a social engineering attack such as phishing. Passwords can also be strong or weak, and good authentication policy requires the use of strong passwords. Something you have can be a physical key, a swipe card like an ATM card, a smart card, or a one-time password device like an RSA SecurID fob [2]. The latter two are stronger because they present a different, but verifiable, value to the authority at each use, while a physical key or ATM card can be lost or copied. Something you are is something unique about you, such as a fingerprint, a voice print or a retinal scan. In the example of the user logging on to the bank over the Internet, the IP address and PC characteristics do not really fit any of the three categories; they are contextual signals, and they demonstrate how systems need to be flexible at times in authentication. Banks often perform such checks and, when they see a change in pattern, such as a connection from a computer or network never before used, they respond with an additional authentication challenge, such as asking the user a secret question (e.g. mother's maiden name). Secret questions are a weak factor, since the answers are often discoverable. See also: Authentication

Block cipher
A cipher which operates on a fixed-size block of clear text. See also: Block Cipher Mode, Stream cipher

[2] http://www.rsa.com/node.aspx?id=1156


Brute Force Attack
An attack against a security boundary that cycles through possible solutions rather than exploiting a weakness in the boundary. In the context of cryptography, a brute force attack typically tries all, or some large fraction, of the possible values of a key, looking for one that decrypts correctly. Brute force attacks typically cannot be prevented, but they can be made impractical by a sufficiently large key space: every additional key bit doubles the attacker's work.

CA
See Certifying Authority

CBC
See Cipher Block Chaining block cipher mode

CBC-MAC
See Cipher Block Chaining Message Authentication Code

CCM (Counter with CBC-MAC)
A block cipher mode which provides authenticated encryption, combining CTR mode for encryption with CBC-MAC for the message authentication code (MAC) [3]. CCM was proposed in reaction to OCB and its submission as a standard: OCB's integration of encryption and authentication is useful, but its design was covered by patents, whereas CCM's submitters disclaimed any intellectual property rights. CCM is the mode used by WPA2 (IEEE 802.11i). See also: Block Cipher Mode, CBC, CTR, OCB

Certificate Authority
See Certifying Authority

Certifying Authority
An entity on a network, such as the Internet, which issues and vouches for digital certificates. The CA digitally signs the certificate and places in it values that third parties can use to check the authenticity and validity of the certificate. A CA can be either public or internal: public CAs issue certificates for use on the Internet, while an organization can create an internal CA to issue certificates for use on its private network to authenticate users, computers or many other objects. Microsoft's Active Directory Certificate Services [4] and OpenCA [5] are examples of products that can be used to set up such an authority. The usual flow is that the requester generates a key pair, sends the public key together with identity information to the CA in a certificate signing request, and the CA verifies the identity and returns a signed certificate in X.509 format; the private key never leaves the requester.
The holder uses the private key to sign or decrypt data, and others use the certified public key to verify those signatures or encrypt data to the holder. See also: Digital Certificates, Public Key Infrastructure

CFB (Cipher feedback)
Similar to CBC, but operates in the manner of a stream cipher, in which bytes are processed in sequence rather than in whole blocks. The key itself is fixed; at each stage the clear text is XORed with

[3] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf
[4] http://technet.microsoft.com/en-us/windowsserver/dd448615
[5] http://www.openca.org/


the encrypted value of the previous cipher text block (for the first stage, the encrypted initialization vector) to produce the next cipher text [6]. See also: Block Cipher Mode, CBC

Cipher
An algorithm for performing encryption or decryption. A cipher takes a number of inputs, minimally either clear text to be encrypted or cipher text to be decrypted, and a key to use in the process, and outputs cipher text or clear text respectively. It may also take, or generate, other values used in the process, such as an initialization vector. See also: Block Cipher Mode

Cipher Block Chaining
A block cipher mode. Prior to encryption, each clear text block is XORed with the preceding cipher text block, so that identical clear text blocks within a message produce different cipher text blocks. The first block has no predecessor, so it is XORed with an initialization vector (IV) instead; without a fresh, unpredictable IV per message, two messages that begin with the same clear text would begin with the same cipher text under the same key [7]. CBC encryption is inherently sequential, while decryption of a block depends only on that block and its predecessor and can be parallelized. See also: Block Cipher Mode, Initialization vector

Cipher Block Chaining Message Authentication Code
A method of constructing a message authentication code from a block cipher: the message is encrypted in CBC mode with an all-zero IV and the final cipher text block is the MAC [8]. Plain CBC-MAC is secure only for messages of a fixed length; variants such as CMAC fix this. See also: Message Authentication Code, CCM

Cipher Text
Data output from a cipher function, i.e. encrypted data. Cipher text is also the input to an inverse cipher function. See also: Plain Text

Clear Text
Data input to a cipher function, i.e. unencrypted data. Clear text is also the output of an inverse cipher function. See also: Cipher Text, Plain Text

Common Criteria
A set of agreements forming an international standard (ISO/IEC 15408 [9]) for the description and certification of computer security products and services. The CC specification [10] describes a common set of requirements for the security functionality of IT products and for the assurance measures applied to these products during a security evaluation. The current version of the CC when this glossary was written was 3.1. There are several independent, accredited laboratories which evaluate products for conformance to the CC. The TOE (Target of Evaluation) is the term used for the product being evaluated. Several documents are part of the evaluation process.

The PP (Protection Profile) describes, independently of any particular product, the security requirements for a class of products designed for a particular purpose (for example, encrypting USB storage devices). The ST (Security Target) describes the security properties claimed for one specific TOE, and may claim conformance to one or more PPs. An SFR (Security Functional Requirement) specifies an individual security function that the TOE security functionality (TSF) must provide, such as a particular authentication or audit behavior.
[6] http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[7] http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[8] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ccm/ccm.pdf
[9] http://www.iso.org/iso/catalogue_detail.htm?csnumber=40612
[10] http://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R3.pdf


An SAR (Security Assurance Requirement) describes a measure taken during development and evaluation to gain confidence that the TOE meets its SFRs, such as design documentation, independent testing or vulnerability analysis. Finally, an EAL (Evaluation Assurance Level) is a rating from 1 to 7 that packages a predefined set of SARs; a higher EAL means a deeper and more rigorous evaluation, not necessarily a "more secure" product.
Confidentiality
The assurance that data is disclosed only to those authorized to see it. Encryption is the usual technical means. See also: Data Integrity

Credentials
In the context of authentication, credentials are the authentication factors presented to an authenticating authority. Examples are user names and passwords, physical devices like smart cards, or a digital certificate. See also: Authentication, Authentication Factors

Critical Security Parameter (CSP)
A CSP is a secret or private value used by a cryptographic process whose exposure or modification would compromise the security of the process. Private keys, symmetric keys, passwords and PINs are examples of CSPs. The term is used throughout FIPS 140-2. See also: Public Key Cryptography, PKI, Private Key, Private Key Cryptography, FIPS 140-2

CTR (Counter)
Like CFB, CTR operates as a stream cipher. The keystream is generated by encrypting successive values of a counter, typically a nonce concatenated with a block index, and XORing it with the clear text. The counter can be a simple counter (1, 2, 3, ...); the essential requirement is that a counter value is never encrypted twice under the same key, since a reused keystream reveals the XOR of the two clear texts [11]. Encryption and decryption are the same operation, and blocks can be processed in parallel. See also: Block Cipher Mode

Cyber Command
See United States Cyber Command

Cyber Warfare
In recent years computer security and national security experts have come to recognize that developed countries like the United States rely heavily on their computing infrastructure for critical everyday functions like banking and telecommunications. It is therefore reasonable to assume that in a conflict between states, or perhaps between states and certain non-state actors, computer infiltrations and other cruder attacks might be used against a country's infrastructure. Such scenarios are known as cyber warfare. Governments are interested both in defensive strategies to combat attacks and in offensive capabilities to conduct them. One can argue that, as with nuclear weapons, a strong arsenal of offensive cyber weapons on all sides can function as a deterrent. There have been a few real-world examples of the scenario.
In 2007, in the midst of a dispute between Russia and Estonia over the relocation of a Soviet-era war memorial in Estonia, large-scale denial-of-service attacks were conducted from Russia against Internet-facing Estonian institutions including banks, government ministries, the Parliament and newspapers [12]. The Estonian government accused the Russian government of involvement, but Russia denied this, and it is conceivable that the attacks were launched purely by Russian civilians. The inability to attribute an attack with any certainty is one of the greatest problems presented by cyber warfare. There were similar, smaller-scale attacks from Russia against Georgia during the war between the two countries in 2008 [13].

[11] http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[12] http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
[13] http://en.wikipedia.org/wiki/Cyberattacks_during_the_2008_South_Ossetia_war


There is also evidence that the Stuxnet worm, which attacked industrial facilities running certain Siemens industrial control software, was a targeted attack by Israel and the United States against Iranian nuclear facilities [14].

DARTT (U.S. Government Data At Rest Tiger Team)
DARTT is a multi-agency task force of the US government which selects and provides DAR (Data At Rest) encryption solutions for mobile computing devices and removable storage. DARTT was founded in reaction to research demonstrating the feasibility of attacks against such data, including encrypted notebook hard drives.

Data Encryption Standard
See DES

Data Integrity
The assurance that data has not been modified, either deliberately or accidentally. This can be provided through technical means such as a MAC (message authentication code) or a digital signature; an unkeyed hash alone only detects accidental modification, since an attacker who changes the data can recompute it. See also: Message Authentication Code, Digital Signature

DES
See Data Encryption Standard (DES)

Decryption
The use of an inverse cipher to translate cipher text back into clear text. See also: Inverse Cipher

Dictionary Attack
An attempt to compromise a password by trying each entry in a list of likely passwords (a dictionary): words, common passwords and simple variations of them. These attacks are combated with long passwords that are not dictionary words or simple variations of them, with a slow key derivation function that makes each guess expensive, and with a per-user salt so that work cannot be shared across accounts. Administrators may also choose to lock, or throttle, accounts which have had a large number of incorrect password attempts in a short period of time. See also: Brute Force Attack, Key Derivation Function, Salt, Rainbow Table Attack

Digital Certificates
An electronic document which binds identity information to a public key belonging to that identity. The entity issuing the certificate digitally signs it and includes the signature in the certificate. In a Public Key Infrastructure, users and other entities need to make their public keys available so that others can verify their digital signatures and encrypt data to them; the party that checks a certificate before using the key in it is called the relying party. Because digital certificates are signed by an issuing authority, the relying party can verify that the certificate was indeed signed by that authority.
If the relying party trusts the authority to have properly vetted the certificate owner, then it can trust that the public key indeed belongs to the identity named in the digital certificate. Certificates carry a validity period and can be revoked by the issuer, so a careful relying party also checks expiry and revocation status. See also: Public Key Infrastructure, Asymmetric Encryption, Digital Signature, Public Key, Private Key

Data Encryption Standard (DES)
A symmetric block cipher operating on 64-bit blocks. When it was designated as a Federal Information Processing Standard (FIPS 46) by the US government in 1977 [15], DES and its 56-bit secret key were considered by many to be strong. Today the 56-bit key is undeniably inadequate: on modern or purpose-built hardware, DES can be brute-forced in a matter of hours or less, and its 16 rounds do nothing to change this, since brute force does not depend on the round count. The DES cipher itself was for many years used to better effect in Triple-DES, although NIST has since deprecated Triple-DES as well. See also: Triple DES, Symmetric Encryption, Brute Force Attack

[14] http://blogs.pcmag.com/securitywatch/2011/01/stuxnet_called_an_israeli-us_j.php
[15] http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf


Digital Signature
A digital signature is part of a scheme using asymmetric (public key) cryptography to verify the identity of the signer of a document and that the document has not been modified since it was signed. Digital signatures are used widely to verify software distributions, documents and many other forms of data. Numerous other security specifications use them: DNSSEC places signatures over DNS records directly into the DNS, and DomainKeys Identified Mail (DKIM) places digital signatures in e-mail headers so that the sending domain can be verified. Digital signatures require a key pair, a public key and a private key, and code to generate and verify signatures. A signer uses their private key and the signature algorithm to sign the document (technically, only a cryptographic hash of the document is signed). Anyone holding the public key can use the verification code to check that the signature is a correct one for the document. See also: Public Key Infrastructure, Asymmetric Encryption, Public Key, Private Key

ECB Block cipher mode
See Electronic Code Book block cipher mode

ECC (elliptic curve cryptography)
ECC is a form of public key cryptography built on a different hard problem from RSA. Conventional public key cryptography using RSA depends on the difficulty of factoring the product of two large prime numbers [16]. ECC relies on the elliptic curve discrete logarithm problem [17]: let P and Q be two points on an elliptic curve such that kP = Q, where k is a scalar. Given P and Q, it is computationally infeasible to obtain k if the curve is large enough; k is the discrete logarithm of Q to the base P. Hence the main operation involved in ECC is point multiplication, i.e. multiplying a scalar k by a point P on the curve (repeated point addition, implemented by double-and-add) to obtain another point Q on the curve.
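The point multiplication kP = Q just described, as an added example that is not part of the original glossary. The curve y^2 = x^3 + 2x + 2 over GF(17) with generator P = (5, 1), whose group has order 19, is a constructed textbook-sized example chosen so that the discrete logarithm can be brute-forced on the spot; real curves use primes of 256 bits or more, and that size is the only thing that makes the same problem infeasible.

```python
"""Elliptic curve point arithmetic over a tiny prime field (added example).
Curve: y^2 = x^3 + A*x + B over GF(P_MOD); the parameters below are a
constructed toy with 19 points, not a real cryptographic curve."""

P_MOD, A, B = 17, 2, 2
G = (5, 1)                 # generator point; its order is 19
INF = None                 # point at infinity, the group identity


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def point_add(p, q):
    """Chord-and-tangent addition with the identity and p == -q special cases."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                         # p == -q
    if p == q:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)     # tangent slope
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P_MOD)            # chord slope
    x3 = (s * s - x1 - x2) % P_MOD
    y3 = (s * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add: k*pt in O(log k) point operations, the core ECC operation."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keypair(private_scalar):
    """Private key is the scalar d; public key is the point Q = d*G."""
    return private_scalar, scalar_mult(private_scalar, G)


def discrete_log(q, base=G, order=19):
    """Brute-force the k with k*base == q by walking the whole group.
    Feasible only because the order is 19: on a 256-bit curve even the best
    known algorithms need about 2^128 steps, which is what ECC's security rests on."""
    acc = INF
    for k in range(order):
        if acc == q:
            return k
        acc = point_add(acc, base)
    return None


if __name__ == "__main__":
    d, Q = keypair(7)
    print("public key", Q, "recovered private scalar", discrete_log(Q))
```

`pow(x, -1, m)` (Python 3.8+) gives the modular inverse needed for the slopes. Note that the brute-force loop is the attacker's view: computing Q from d takes a handful of additions, while recovering d from Q costs a walk over the group, and the gap between those two grows exponentially with the field size.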
ECC keys are much smaller than RSA keys of comparable strength: for example, a 160-bit ECC key is considered roughly equivalent to a 1024-bit RSA key, and a 256-bit ECC key to a 3072-bit RSA key.

ECDSA (Elliptic Curve Digital Signature Algorithm)
A standard (ANSI X9.62:2005) describing a digital signature algorithm based on elliptic curve cryptography. It is approved by NIST in FIPS 186-3 [18], with additional requirements. ECDSA needs a fresh, unpredictable random value for every signature; reusing one across two signatures reveals the private key.

Electronic Code Book block cipher mode
This is the simplest mode: the data is divided into blocks of equal size and each is encrypted independently with the key. It has a deservedly poor reputation: identical clear text blocks produce identical cipher text blocks, so patterns in the data show through, and an attacker can reorder, duplicate or replay individual blocks without detection. It should not be used for anything longer than a single block. See also: Block Cipher Mode

Encryption
The use of a cipher to translate clear text into cipher text. See also: Cipher

Entropy
A measure of the unpredictability of data; in practice, the randomness collected by software on a computer, typically the operating system, from sources such as hardware timings, interrupt jitter, mouse movements and dedicated hardware generators. Randomness is important to the secure
[16] http://www.secg.org/download/aid-780/sec1-v2.pdf
[17] http://www.tataelxsi.com/whitepapers/ECC_Tut_v1_0.pdf%3Fpdf_id%3Dpublic_key_TEL.pdf
[18] http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf


use of cryptography: keys, initialization vectors and nonces drawn from a source with too little entropy can be guessed. See also: Random Number Generator, Seed

Ephemeral Key
A short-lived key which is unique to each execution of a key establishment process. See also: Critical Security Parameter

Federal Information Processing Standard (FIPS)
A set of information technology standards issued by NIST (the National Institute of Standards and Technology) [19]. Many of the standards are security-related and respected in both the public and private sectors.

FIPS 140-2 (various levels)
A US government standard for the security requirements of cryptographic modules, both hardware and software [20]. The specification covers many aspects of module design and operation, including ports and interfaces, roles and authentication, physical security, key management, self-tests and electromagnetic interference/electromagnetic compatibility (EMI/EMC). It has since been superseded by FIPS 140-3 (2019), which keeps the same four-level structure. The four levels of FIPS 140-2 are:

1. Level 1 is the lowest, most basic level. The module must use at least one approved algorithm or security function. No physical security measures are required; for example, a software module running on a general-purpose computer with an unevaluated operating system can qualify.

2. Level 2 is a step up from Level 1. It requires that the module be tamper-evident, for example through seals or coatings that show attempts to open it, or pick-resistant locks. Authentication requirements are also included, with a minimum of role-based authentication. A module can run on a host computer, but that operating environment must meet specified requirements (an evaluated operating system).

3. Level 3 modules must be tamper-resistant, with a high probability of detecting and responding to attempts at physical access, including zeroization of plaintext critical security parameters when the enclosure is opened. Identity-based authentication is required, so that users are authenticated individually for particular roles, and plaintext CSPs must enter and leave the module through physically separated ports. The host environment requirements are stricter than those for Level 2.

4. Level 4, the highest level, is aimed at physically unprotected environments. The module must have a complete envelope of physical protection around the cryptographic hardware.
Any attempt to penetrate that envelope must be detected and must trigger immediate zeroization of all plaintext CSPs, while the detection needs to be robust enough not to raise false alarms. Environmental attacks on the packaging, such as out-of-range temperature or voltage, must also be detected and protected against. A vendor's claim of "FIPS 140-2 compliance" is not the same as a validation listed by NIST's CMVP; the level and the exact module boundary should be checked. See also: Hardware-Based Encryption

IEEE P1619
A set of standards for the encryption of stored data, managed by the IEEE Security in Storage Working Group [21]. Among the standards are:

- P1619: Narrow-Block Encryption (the XTS-AES mode used for disk and drive encryption)
- P1619.1: Authenticated Encryption
- P1619.2: Wide-Block Encryption
- P1619.3: Key Management

ISO/IEC 7816
An international standard for the characteristics and behavior of smart cards, jointly managed by the International Organization for Standardization (ISO) and the International Electrotechnical
[19] http://www.itl.nist.gov/fipspubs/
[20] http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
[21] http://siswg.net/


Commission (IEC) [22]. The standard has many parts; those most relevant to secure USB devices with smart card chips are:

- ISO 7816-1: Physical characteristics
- ISO 7816-2: Dimensions and location of the contacts
- ISO 7816-3: Electronic signals and transmission protocols
- ISO 7816-4: Interindustry commands for interchange
- ISO 7816-5: Numbering system and registration procedure for application identifiers
- ISO 7816-6: Interindustry data elements

Hardware-Based Encryption
Encryption using a hardware encryption device, also known as a cryptographic module. Standards for such devices are defined in FIPS 140-2. Hardware encryption devices can be more resistant to attack because they use dedicated cryptographic processors which, if implemented well, keep keys inside the device and are protected against infiltration from the host. They are encryption black boxes to the user or program which calls on them: keys go in (or are generated inside) and never come out in plain form. High-end hardware encryption devices are tamper-resistant and may destroy all their internal data if a tampering attempt is detected. High-end devices also include sophisticated authentication modes, such as k-of-n authentication, in which some specified number k out of a group of n users must sign off on an operation. See also: FIPS 140-2, Software Based Encryption

Hash function
A hash function is a mathematical process that maps input data of any length to a fixed-size hash value, often called a digest. Because many inputs map to the same digest, the correspondence is not 1:1; what a cryptographic hash function guarantees is that finding two inputs with the same digest (a collision), or any input for a given digest, is computationally infeasible. The digest provides no hint of how to recreate the original data, and even a small change in the original data results in a completely different digest. The SHA-1 hash function, long very popular, produces a 160-bit digest; it is now considered broken for collision resistance and should not be used for signatures or certificates, with SHA-2 or SHA-3 preferred. The SHA (Secure Hash Algorithm) functions are governed by the National Institute of Standards and Technology (NIST). Hashes are used extensively in cryptography. See also: SHA, One-way functions

Initialization vector
A block of data combined with the first clear text block, or used as the starting value of the keystream, in order to introduce variability into the cipher text so that encrypting the same message twice under the same key gives different results. An IV need not be secret, but it must be fresh for every message; for CBC it must also be unpredictable, while for CTR it must simply never repeat under the same key. See also: Nonce, Salt, CBC, CTR

Inverse Cipher
An algorithm, or implementation of an algorithm, which takes cipher text as input and produces clear text.

Key Derivation Function (KDF)
A function which derives one or more encryption keys from one or more inputs. KDFs are typically used for password key derivation: a password is not in a form suitable to be used directly as a key. A KDF combines the password with a salt value and processing to output a key of the required length.
The KDF also takes as input the number of iterations of some core sub-function it should execute, and the resistance of the derived key to guessing attacks increases with the number of iterations. KDFs typically have cryptographic hash functions (usually via HMAC) at their core; PBKDF2 is the standard example, and memory-hard designs such as scrypt and Argon2 additionally raise the cost of attacks on GPUs and custom hardware. It is considered best practice for a password KDF to execute deliberately slowly, since this frustrates dictionary attacks. The trick is not to take so long as to bother the user. See also: Salt, Dictionary Attack, Rainbow Table Attack
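The derivation described above, and the Dictionary Attack entry earlier, as an added example that is not part of the original glossary: PBKDF2-HMAC from the Python standard library with a per-user salt and an iteration count, the record a verifier would store, and a dictionary attack run against it. The password, word list and iteration counts are constructed sample values; the expected results for derive_key are the RFC 6070 test vectors.

```python
"""Password key derivation with salt and iterations, and the attack it slows down.
Added example; the password and word list below are constructed sample data."""
import hashlib
import hmac
import os


def derive_key(password, salt, iterations, length=32, algo="sha256"):
    """PBKDF2-HMAC: deliberately slow, cost scales linearly with iterations."""
    return hashlib.pbkdf2_hmac(algo, password.encode(), salt, iterations, length)


def make_record(password, iterations=100_000):
    """What a verifier stores: the salt, the parameters and the derived key.
    The password itself is never stored, and the salt is not secret."""
    salt = os.urandom(16)                        # fresh random salt per record
    return {"salt": salt, "iterations": iterations,
            "key": derive_key(password, salt, iterations)}


def check_password(record, candidate):
    """Recompute with the stored salt and parameters; compare in constant time."""
    got = derive_key(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(got, record["key"])


def dictionary_attack(record, wordlist):
    """Guess from a word list. Each guess costs one full PBKDF2 run, so the
    iteration count multiplies the attacker's work directly, and the per-record
    salt means the work cannot be shared across users or precomputed into a table."""
    for word in wordlist:
        if check_password(record, word):
            return word
    return None


def same_password_different_salts(password, iterations=1000):
    """Two records for the same password never share a derived key."""
    a, b = make_record(password, iterations), make_record(password, iterations)
    return a["key"] != b["key"]


if __name__ == "__main__":
    record = make_record("hunter2", 1000)                 # constructed sample
    print(dictionary_attack(record, ["123456", "password", "hunter2"]))
    print(derive_key("password", b"salt", 4096, 20, "sha1").hex())
```

The 1000-iteration records in the demonstration keep it quick; a real deployment picks the iteration count by measuring the verifier's own hardware (tens to hundreds of milliseconds per check) and stores that count with the record so it can be raised later without invalidating old entries.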

[22] http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816.aspx



Man in the middle attack (MiTM)
An attack in which the attacker inserts itself between two parties and observes, and potentially modifies, their communications while each believes it is talking directly to the other. On a single system a rogue process can mount such an attack against inter-process communication; a keylogger hooking the path between keyboard and application is a local analogue. MiTM attacks are also found on networks, against communications between systems. Consider a common example: on many networks communications are, by default, unencrypted and unauthenticated. Connections on public Wi-Fi networks, of the sort found in coffee houses, are unprotected at the network layer (the login on such networks only grants gateway access to the Internet). Users who connect to web sites through plain HTTP without SSL/TLS are vulnerable to easy MiTM attacks, as was demonstrated in 2010 by the Firesheep tool [23], which hijacked web sessions by capturing cookies sent in the clear. Encryption and authentication through means such as public key cryptography can prevent man-in-the-middle attacks, but errors in implementation and deployment can still create openings. Moxie Marlinspike's SSLStrip [24] demonstrates how a common weakness, sites that start in plain HTTP and redirect to HTTPS, lets an attacker keep the victim's connection on plain HTTP while speaking HTTPS to the server.

MAC
See Message Authentication Code

Message Authentication Code
A short value computed from a message and a secret key, typically with a keyed hash (HMAC) or a block c
ipher (CBC-MAC, CMAC), which lets a party holding the same key verify that the message is intact and came from a key holder. Unlike a plain hash, it cannot be recomputed by an attacker who does not know the key. See also: Data Integrity, CBC-MAC

Multi-factor authentication
An authentication process which requires more than one factor, from different categories, such as a password and a one-time-password code. See also: Authentication, Authentication Factors, One Time Password

Non-repudiation
The assurance that a party cannot later deny having taken an action, such as having sent or signed a message. It is typically provided by digital signatures, since only the holder of the private key could have produced the signature; a MAC cannot provide it, because every holder of the shared key could have produced the value. Non-repudiation of receipt, proving that a recipient received a message, requires a signed acknowledgement from the recipient. See also: Digital Signature

Nonce
Short for "number used once": a value used in authentication and encryption protocols that must never repeat under the same key. Usually generated randomly, or taken from a counter, and included to protect against replay attacks. See also: Initialization vector, Replay Attack
OCB (Offset Codebook Mode)
A block cipher mode which integrates a MAC (Message Authentication Code) with encryption, so that the cipher text is authenticated as it is decrypted, in a single pass over the data [25]. With the older modes, authentication has to be performed separately, with a second key and a second pass. OCB was covered by patents whose holders allowed use in products released under the GPL (GNU General Public License) and in non-commercial implementations; the patents have since been abandoned. See also: Block Cipher Mode, CCM

OFB (Output Feedback Mode)
A stream-like block cipher mode in which the keystream is produced by repeatedly encrypting the previous keystream block, starting from the initialization vector, and XORed with the clear text. Unlike CFB, the keystream does not depend on the data, so it can be precomputed, but the IV must never be reused under the same key. See also: Block Cipher Mode, CFB, CTR
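The modes defined in the ECB, CBC, CFB, CTR and OFB entries, as an added example that is not part of the original glossary. Modes are independent of the underlying cipher, so a tiny four-round Feistel network stands in for AES here; it is a constructed toy, not a secure cipher, and only supplies the keyed, invertible 16-byte permutation the modes need. The key, messages, IV and nonce are constructed sample values; the code omits padding and processes whole blocks only.

```python
"""Block cipher modes over a stand-in block cipher (added example).
The Feistel "toy" cipher below is NOT AES and NOT secure; it exists only so
the modes can be run and compared without an external library."""
import hashlib
import os

BLOCK = 16


def _f(key, rnd, half):
    """Round function: keyed hash truncated to 8 bytes (toy construction)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    """4-round Feistel network: (L, R) -> (R, L xor F(R))."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def toy_decrypt_block(key, block):
    """Undo the rounds in reverse order: (L', R') -> (R' xor F(L'), L')."""
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def _blocks(data):
    assert len(data) % BLOCK == 0, "example omits padding; use whole blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, data):
    """ECB: each block encrypted independently, so equal blocks give equal output."""
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(data))


def cbc_encrypt(key, iv, data):
    """CBC: XOR each clear text block with the previous cipher text block (IV first)."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """CTR: keystream block i = E_k(nonce || i); the same call encrypts and decrypts."""
    out = []
    for i, b in enumerate(_blocks(data)):
        out.append(_xor(b, toy_encrypt_block(key, nonce + i.to_bytes(8, "big"))))
    return b"".join(out)


def ofb_crypt(key, iv, data):
    """OFB: keystream block i = E_k(keystream block i-1), starting from the IV."""
    out, ks = [], iv
    for b in _blocks(data):
        ks = toy_encrypt_block(key, ks)
        out.append(_xor(b, ks))
    return b"".join(out)


def ctr_nonce_reuse_leak(key, nonce, p1, p2):
    """With a repeated nonce, c1 XOR c2 == p1 XOR p2: the keystream cancels out."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return _xor(c1, c2) == _xor(p1, p2)


def demo():
    """Encrypt two identical blocks under ECB and CBC and report what leaks."""
    key = b"constructed-key!"                     # constructed 16-byte sample key
    p = b"ATTACK AT DAWN!!" * 2                   # two identical 16-byte blocks
    iv = os.urandom(BLOCK)
    ecb, cbc = ecb_encrypt(key, p), cbc_encrypt(key, iv, p)
    return {
        "ecb_blocks_equal": ecb[:BLOCK] == ecb[BLOCK:],      # True: pattern leaks
        "cbc_blocks_equal": cbc[:BLOCK] == cbc[BLOCK:],      # False: chaining hides it
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == p,
        "cbc_iv_reuse_equal": cbc_encrypt(key, iv, p) == cbc,  # True: same IV, same output
    }
```

The demo makes the two points the CBC and CTR entries stress: ECB exposes repeated clear text blocks directly, CBC hides them within a message but repeats its output exactly when the IV is reused, and CTR with a reused nonce hands an attacker the XOR of two clear texts. None of these modes authenticates anything; that is what CCM and OCB add.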

[23] http://codebutler.com/firesheep
[24] http://www.thoughtcrime.org/software/sslstrip/
[25] http://www.cs.ucdavis.edu/~rogaway/ocb/



One Time Password
A password that is valid for only one authentication session. Such passwords may be generated in a number of ways. One-time password fobs such as those from RSA generate a code from a secret key and the current time, valid only for a short period, which is checked by a server that holds the same key; software authenticators do the same with the standardized HOTP and TOTP algorithms, and some services send codes over a second channel such as SMS. CAPTCHAs, which are images designed to be human-readable but not machine-readable, are sometimes confused with one-time passwords, but they prove only that a human is present and are not an authentication factor. One-time passwords are generally used as a second factor for authentication along with a conventional password. See also: Authentication factors, Multi-factor authentication

OTP
See One Time Password

One-way functions
A function which is not reversible, or at least not feasibly so. A cryptographic hash function is a good example: it takes an arbitrarily long data block and generates a fixed-size value which changes with even the slightest change in the input, but there is no feasible way to recover the data from the hash. See also: Hash function, Trap door functions

PKI
See Public Key Infrastructure

Plain Text
See Clear Text

Private Key
One of the two keys in an asymmetric key pair, and the one which must be kept secret. It is uniquely associated with the entity to which it is assigned, and mathematically linked to its associated public key. The key is used to digitally sign data or to decrypt data that was encrypted with the public key. See also: Public Key, Public Key Cryptography

Private Key Cryptography
An encryption system in which only one key is used, both for encryption and decryption, and must be kept secret. The fact that the secret may have to be shared with others, and distributed to them securely, is its main weakness. This is also known as symmetric encryption. See also: Symmetric Encryption, Public Key Cryptography

Public Key
One of the two keys in an asymmetric key pair, and the one which is made available to others with a need to communicate with the holder of the private key.
It is uniquely associated with the entity to which it is assigned, and mathematically linked to its associated private key. The key is used to verify digital signatures made with the private key, or to encrypt data that only the private key can decrypt. See also: Private Key, Public Key Cryptography

Public Key Cryptography
A method of asymmetric encryption using a key pair, one key of which must be kept secret and the other of which can be made public. Determining the private key from the public key, or from cipher text, is computationally infeasible. A message encrypted with the public key can only be decrypted with the private key. A message may be digitally signed with the private key, and others can use the public key to verify the signature. See also: Asymmetric Encryption, Digital Signature



Public Key Infrastructure
A set of services, interfaces and policies for the distribution, administration, verification and revocation of digital certificates and public/private key pairs by certifying authorities. See also: Certifying Authority, Digital Certificates

Rainbow Table Attack
A rainbow table is a space-optimized, precomputed lookup structure that maps hash values back to the clear text passwords which produce them under a particular hash function. Looking up an entry, even in an extremely large table, is a fast operation, whereas computing large numbers of hashes, especially when the key derivation function has a large number of iterations, is time-consuming; the table trades storage for that time. The rapidly decreasing cost of storage makes it cheap to keep tables consuming many gigabytes, or even terabytes. Combating rainbow table attacks is a matter of increasing the number of possible hashes for each password to the point where the table becomes impractical. The main weapon is a sufficiently large, per-user random salt, which forces the attacker to build a separate table for every salt value. See also: Salt, Key Derivation Function

Random Number Generator
A process used to create a random, i.e. unpredictable, sequence of numbers. Well-designed random number generation is important in cryptography for generating keys, IVs and nonces with high entropy. There are two kinds of random number generators: the deterministic kind (pseudorandom number generators), which generate a sequence of bits from an initial value known as a seed and are only as unpredictable as that seed, and the nondeterministic kind, which generate bits from unpredictable physical inputs such as the low-order bits of a high-resolution timer, interrupt jitter, mouse movements or dedicated hardware noise. Operating systems combine the two, gathering entropy from physical sources to seed a cryptographic pseudorandom generator. See also: Entropy, Seed

Replay Attack
In the context of ciphers and protocols, a replay attack consists of reusing captured cipher text or messages; for example, resubmitting encrypted credentials in order to impersonate a user without knowing the password. Good implementations make each message unique and bind it to its context through nonces, timestamps, sequence numbers or fresh initialization vectors, and authenticate it with a MAC so that a replay is detected. See also: Nonce, Initialization vector, Message Authentication Code

RNG
See Random Number Generator

Salt
A random value added as an input to a key derivation function alongside the password. Salts are similar in concept to nonces and initialization vectors.
The point is to add variability to the output of the KDF so as to frustrate attacks known as rainbow table attacks. Secret Key Cryptography See Private Key Cryptography Seed An initial value provided to a deterministic random number generator. See also: Random Number Generator SHA (Secure Hash Algorithm) A family of cryptographic hash functions published by NIST (the National Institute of Standards and Technology).26 Over time, research uncovers weaknesses in hash functions. Hash functions are so core to modern cryptography that it is necessary for the technology to stay well ahead of these weaknesses. For this reason, NIST is currently conducting a competition for the next generation of hash in the SHA family27. Some well-known SHA functions include: - SHA-1: A very popular 160-bit hash designed by the National Security Agency and first published in
[26] http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
[27] http://csrc.nist.gov/groups/ST/hash/sha-3/index.html

1995.
- SHA-2: A family of functions with a variety of digest sizes: SHA-224, SHA-256, SHA-384 and SHA-512. These are algorithmically similar to SHA-1.
- SHA-3: The winner of the NIST competition will be designated as SHA-3. The contest is tentatively scheduled to complete in 2012.
See also: Hash Functions

Software Based Encryption
Encryption performed in a program running on a general purpose computer, as opposed to on dedicated hardware. See also: FIPS 140-2

Stream Cipher
A cipher which operates on individual clear text digits in a queue. See also: Block Cipher

Symmetric Encryption
An algorithm in which encryption and decryption use similar, perhaps identical, keys, in effect a shared secret. AES is a popular symmetric method, as are Blowfish, DES and Triple DES. See also: Asymmetric Encryption

Two-Factor Authentication
See Authentication Factors

Trap Door Functions
See Hash Function

Triple DES
A symmetric block cipher derived from DES. Triple DES (also known as 3DES) uses the DES cipher, but with an enlarged key set.[28] The idea of 3DES was to increase the security of DES while keeping modifications to the DES code minimal. 3DES uses 48 rounds as opposed to DES's 16, and three 56-bit keys as opposed to DES's single 56-bit key. The clear text is encrypted with key 3, decrypted with key 2, and then encrypted with key 1. There are three keying options:
- Option 1: all three keys are independent.
- Option 2: keys 1 and 3 are identical and independent of key 2.
- Option 3: all three keys are identical.
Option 1 is the most secure. Option 2 is less secure, but still stronger than conventional DES. Option 3, absurdly, is mathematically identical to conventional DES, but performs two unnecessary steps to achieve the same insecure result. See also: DES, Symmetric Encryption

U.S. Government Suite B Standards
A set of recommended cryptographic algorithms developed by the NSA (National Security Agency) for products to be considered capable of protecting classified information up to the SECRET level. The NSA describes Suite B as the heart of its Cryptographic Interoperability Strategy (CIS),[29] the purpose of which is "to find ways to increase assured rapid sharing of information both within the U.S. and between the U.S. and her partners through the use of a common suite of public standards, protocols, algorithms and modes."
[28] http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
[29] http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

The Suite B cipher suite, as defined for TLS,[30] focuses on elliptic curve algorithms.

United States Cyber Command (USCYBERCOM)
USCYBERCOM[31] is a military command under the United States Strategic Command tasked with centralizing command of cyber warfare matters. The mission of USCYBERCOM is defined[32] as including logistical, defensive and offensive operations: "in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

USCYBERCOM
See United States Cyber Command

XTS Block Cipher Mode
A mode designed for encryption of data stored on disk, which may be exposed, and is supported by many drive encryption products. XTS-AES has been approved by NIST with additional requirements and defined as IEEE P1619.[33]

[30] http://www.ietf.org/rfc/rfc5430.txt?number=5430
[31] http://www.defense.gov/home/features/2010/0410_cybersec/
[32] http://www.defense.gov/home/features/2010/0410_cybersec/docs/CYBERCOM%2520Fact%2520Sheet%2520to%2520replace%2520online%2520version%2520on%2520OCT%252013.pdf
[33] http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
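Illustrating the Rainbow Table Attack and Salt entries above, an added example (not from the Kingston glossary) using Python's standard hashlib; the password list, iteration count and salt size are constructed for the demonstration:

```python
import hashlib
import os

# Constructed sample of "common" passwords, standing in for the
# much larger wordlist a precomputed table would really cover.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "kingston"]

# KDF parameters (constructed). Many iterations make each hash slow to
# compute, but do nothing against a table that was computed once and reused.
ITERATIONS = 100_000
SALT_BYTES = 16

def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_table(salt: bytes) -> dict:
    """Precompute hash -> clear text for one fixed salt.
    With an empty (or site-wide shared) salt this is the attacker's table."""
    return {derive(p, salt): p for p in COMMON_PASSWORDS}

def lookup(table: dict, stored_hash: bytes):
    """One dictionary dereference recovers the password if it is in the table."""
    return table.get(stored_hash)

def table_entries_needed(wordlist_size: int, salt_bits: int) -> int:
    """A table must hold every (password, salt) pair: each salt bit doubles it."""
    return wordlist_size * (2 ** salt_bits)

def demo():
    # Unsalted storage: the precomputed table answers instantly.
    table = build_table(b"")
    unsalted_hit = lookup(table, derive("letmein", b""))
    # Salted storage: a fresh 128-bit salt per password means the table
    # was built for a different input, so the same lookup finds nothing.
    salt = os.urandom(SALT_BYTES)
    salted_hit = lookup(table, derive("letmein", salt))
    return unsalted_hit, salted_hit

if __name__ == "__main__":
    print(demo())  # ('letmein', None)
    print(table_entries_needed(len(COMMON_PASSWORDS), 8 * SALT_BYTES))
```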

2011 Kingston Technology Corporation, 17600 Newhope Street, Fountain Valley, CA 92708 USA All rights reserved. All trademarks and registered trademarks are the property of their respective owners.

Printed in the USA MKF-405
